CVE-2018-0824

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
References
Link Resource
http://www.securityfocus.com/bid/104030 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040848 Broken Link Third Party Advisory VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0824 Patch Vendor Advisory
https://www.exploit-db.com/exploits/44906/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

History

08 Aug 2024, 14:50

Type Values Removed Values Added
CVSS v2 : 5.1
v3 : 7.5
v2 : 5.1
v3 : 8.8
CPE cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*
References () http://www.securityfocus.com/bid/104030 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/104030 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1040848 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1040848 - Broken Link, Third Party Advisory, VDB Entry
First Time Microsoft windows Server 1709
Microsoft windows 10 1709
Microsoft windows 10 1703
Microsoft windows 10 1607
Microsoft windows 10 1803
Microsoft windows 10 1507
Microsoft windows Server 1803

Information

Published : 2018-05-09 19:29

Updated : 2024-08-08 14:50


NVD link : CVE-2018-0824

Mitre link : CVE-2018-0824

CVE.ORG link : CVE-2018-0824


JSON object : View

Products Affected

microsoft

  • windows_10_1703
  • windows_10_1507
  • windows_7
  • windows_8.1
  • windows_10_1607
  • windows_server_2016
  • windows_server_1803
  • windows_10_1803
  • windows_rt_8.1
  • windows_server_2008
  • windows_server_2012
  • windows_server_1709
  • windows_10_1709
CWE
CWE-502

Deserialization of Untrusted Data